
ACTIVE DIRECTORY DATABASE STRUCTURE

Database File: Ntds.dit
DIT: Directory Information Tree
Default Path: \Windows\ntds\ntds.dit
Default size of ntds.dit: 10 MB (Windows 2000)
                          12 MB (Windows 2003)

The ntds.dit file is divided into multiple partitions. They are as follows:

a) Schema Partition
b) Configuration Partition
c) Domain Partition
d) Application Partition (only in case of Windows 2003)

Note: Application Partition is not available in Windows 2000

FRONT END TOOLS TO EDIT NTDS.DIT

a) Active Directory Users and Computers (or) dsa.msc
b) Active Directory Domains and Trusts
c) Active Directory Sites and Services
d) Active Directory Schema
Note: Active Directory Schema is hidden (the snap-in is not shown until it has been registered)

SCHEMA PARTITION
It contains the object classes and attributes, and also the source templates for
the creation of domain objects. The same schema is maintained throughout the
entire forest. Only Schema Admins have full control to edit the schema partition.
The schema is created along with the root DC. The tool used to edit it is Active
Directory Schema.

DOMAIN PARTITION
The domain partition contains all the domain objects, such as user accounts,
passwords, and group membership information. Each and every domain has its own
domain partition because it is entirely different from that of any other domain.

CONFIGURATION PARTITION
It contains the configuration parameters of the forest, such as how many trees
and domains exist and their names, the global catalogs, the sites and their names,
the trust relationships, etc. The same configuration partition is maintained
throughout the entire forest. By default it is on the root DC. Enterprise Admins
have full control over this partition.

APPLICATION PARTITION
The application partition is only available in Windows 2003. It contains
information about Active Directory integrated applications, such as DNS and
authorized DHCP information, etc.

PERMISSIONS

Schema Partition
  o Schema Admins have the permission over this partition
  o Tool used is Active Directory Schema

Configuration Partition
  o Enterprise Admins have the permission over this partition
  o Tools used are Active Directory Domains and Trusts, and Active Directory
    Sites and Services

Domain Partition
  o Domain Admins, Administrator, Enterprise Admins and Account Operators have
    the permission
  o Tool used is Active Directory Users and Computers

NOTE:
ROOT DC - All three partitions (schema, configuration and domain) are in R/W
mode.

ADDITIONAL DOMAIN CONTROLLER - The first two partitions (schema and
configuration) are in R/W mode and the third partition is in Read mode.

CHILD DOMAIN CONTROLLER - The first two partitions (schema and configuration)
will be in Read mode, replicated from the root DC, and the newly created domain
partition is in R/W mode. This domain partition is in no way related to the root
domain or any other domain partition.
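As an added example (not part of the original notes), the following PowerShell script uses the RSAT ActiveDirectory module to list the naming contexts a given domain controller hosts, classifies each one as schema, configuration, domain or application partition exactly as the notes divide them, and reports whether the module flags that DC as read-only. The server name "DC01" is a placeholder, and the script assumes it runs from a domain-joined machine with RSAT installed.

```powershell
# Added example, not from the original notes: inventory the partitions a DC hosts.
# Assumptions: RSAT ActiveDirectory module present; 'DC01' is a placeholder DC name.
Import-Module ActiveDirectory

function Get-DcPartitionReport {
    param([Parameter(Mandatory)][string]$Server)

    # rootDSE exposes the DNs of the well-known partitions plus every NC the DC holds.
    $rootDse = Get-ADRootDSE -Server $Server
    $dc      = Get-ADDomainController -Identity $Server

    # Map the well-known partition DNs to the names used in the notes.
    $known = @{}
    $known[$rootDse.schemaNamingContext]        = 'Schema'
    $known[$rootDse.configurationNamingContext] = 'Configuration'
    $known[$rootDse.defaultNamingContext]       = 'Domain'

    # The module's IsReadOnly flag is set for read-only DCs (RODCs); a writable DC
    # reports $false. This is reported as-is rather than inferred per partition.
    $mode = if ($dc.IsReadOnly) { 'Read' } else { 'R/W' }

    foreach ($nc in $rootDse.namingContexts) {
        # Anything that is not schema/configuration/domain (e.g. DomainDnsZones,
        # ForestDnsZones used by AD-integrated DNS) is an application partition.
        $kind = if ($known.ContainsKey($nc)) { $known[$nc] } else { 'Application' }
        [pscustomobject]@{
            Server    = $dc.HostName
            Partition = $kind
            DN        = $nc
            Mode      = $mode
        }
    }
}

Get-DcPartitionReport -Server 'DC01' | Format-Table -AutoSize
```

Running this against the root DC and a child-domain DC side by side makes the differences described in the NOTE visible: both return the same schema and configuration DNs, while the defaultNamingContext (the domain partition) differs per domain, and any DNS application partitions show up as extra naming contexts.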

MANAGING OPERATION MASTERS

[FSMO] FLEXIBLE SINGLE MASTER OPERATIONS
There are five roles. They are:
1) Schema master
2) Domain Naming master
3) PDC Emulator
4) RID master
5) Infrastructure master

FOREST WIDE ROLES

a) Schema master
b) Domain naming master

SCHEMA MASTER
a) Responsible for maintaining the schema partition in the AD database
b) Responsible for creation, deletion, modification and extension of entries in
   the schema partition of the AD database
c) The schema master holds the read/write copy of the schema partition
d) It is a forest wide role
e) Throughout the entire forest only one schema is maintained
f) Available only on the root DC
g) Schema Admins have control over the schema master
h) Tool used is AD Schema
i) Only users from the root domain can be members of Schema Admins. By default
   Administrator is a member

DOMAIN NAMING MASTER

a) Responsible for creation of trees, domains and child domains in the forest
b) Responsible for maintaining unique names
c) This should be a global catalog
d) It has the read/write copy of the configuration partition
e) Enterprise Admins have full control
f) It is a forest wide role
g) For the entire forest only one domain naming master is maintained
h) By default the root DC is the domain naming master

DOMAIN WIDE ROLES

a) PDC Emulator
b) RID master
c) Infrastructure master

PDC EMULATOR [Primary Domain Controller]

a) It acts as a PDC for NT 4.0 based BDCs
b) Updates passwords in the AD database that originate from pre-Windows 2000
   clients
c) Responsible for time synchronization for the entire forest with the help of a
   time server
d) Reduces the replication latency of password changes between clients and DCs
e) Responsible for urgent replication between the DCs in the case of account
   locking/unlocking, password resets, account renaming and account disabling
f) Responsible for group policy template replication within the domain
g) Also responsible for avoiding group policy template replication conflicts
h) This is a domain wide role
i) Each and every domain has a PDC emulator
j) Domain Admin and Administrator rights are enough for this.

RID MASTER [Relative Identifier]

a) Responsible for assigning RIDs to each and every domain object
b) The root RID master assigns pools of RIDs to the child RID masters
c) Maintains unique IDs even after objects are moved between domains
d) It is responsible for maintaining object uniqueness
e) It is a domain wide role

INFRASTRUCTURE MASTER
a) It is a domain wide role
b) It is responsible for exchanging domain infrastructure information with
   other domains (e.g. the AGDLP strategy)
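The five roles above are queryable, and a defender's first check on a forest is usually "who holds them, and who can touch the schema". The following PowerShell script is an added example, not part of the original notes: it reports the two forest wide role holders from the forest object, the three domain wide role holders for every domain in the forest, and the current membership of Schema Admins in the root domain. It assumes the RSAT ActiveDirectory module is installed and the caller has read access to the forest.

```powershell
# Added example, not from the original notes: FSMO role holders and Schema Admins.
# Assumption: RSAT ActiveDirectory module available; caller can read the forest.
Import-Module ActiveDirectory

function Get-FsmoReport {
    $forest = Get-ADForest

    # Forest wide roles are properties of the forest object.
    [pscustomobject]@{ Scope = 'Forest'; Domain = $forest.RootDomain; Role = 'SchemaMaster';       Holder = $forest.SchemaMaster }
    [pscustomobject]@{ Scope = 'Forest'; Domain = $forest.RootDomain; Role = 'DomainNamingMaster'; Holder = $forest.DomainNamingMaster }

    # Domain wide roles: each domain in the forest has its own holder for all three.
    foreach ($name in $forest.Domains) {
        $d = Get-ADDomain -Identity $name
        foreach ($role in 'PDCEmulator', 'RIDMaster', 'InfrastructureMaster') {
            [pscustomobject]@{ Scope = 'Domain'; Domain = $name; Role = $role; Holder = $d.$role }
        }
    }
}

function Get-SchemaAdminsMembers {
    # Schema Admins exists only in the forest root domain, so query a root-domain DC.
    $root = (Get-ADForest).RootDomain
    Get-ADGroupMember -Identity 'Schema Admins' -Server $root -Recursive |
        Select-Object Name, SamAccountName, objectClass
}

Get-FsmoReport | Format-Table -AutoSize

# Schema Admins is normally kept empty and populated only for the duration of a
# planned schema change; any standing members listed here deserve review.
Get-SchemaAdminsMembers | Format-Table -AutoSize
```

The output of Get-FsmoReport matches what `netdom query fsmo` prints, but as objects it can be exported or compared across runs, which is how an unexpected role seizure or transfer gets noticed.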

MANAGING ACTIVE DIRECTORY DATABASE

FILES IN NTDS FOLDER
a) ntds.dit
b) edb.chk
c) edb.log
d) res1.log
e) res2.log

1) ntds.dit - It is the actual database file.
   Size: 10 MB (Windows 2000)
         12 MB (Windows 2003)
2) edb.chk - It is responsible for tracking the changes/updates that have
   occurred in the database. It uses the transaction log file as the reference.
   The checkpoint file is in terms of KB.
3) edb.log - Each and every transaction that occurs in the database is logged
   here. It is the ESE (Extensible Storage Engine) database transaction log
   file. Minimum and maximum log file size is 10 MB. We cannot access the file;
   only the engine has permission. Once the 10 MB is full it is renamed
   automatically.
4) res1.log & res2.log - For reserving 20 MB of free space in case the HDD runs
   out of disk space.
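The database and log folders are not always under \Windows\ntds, because both paths are configurable at promotion time; the NTDS service records them in the registry. The following PowerShell script is an added example, not part of the original notes: it reads those two registry values, lists the files found there, and labels each one with the role the notes assign to it. It assumes it is run locally on a domain controller (or through Invoke-Command) with local administrator rights, and the registry value names used are the ones the NTDS service writes under its Parameters key.

```powershell
# Added example, not from the original notes: locate and inventory the NTDS files.
# Assumption: run on a DC with local admin rights; registry value names are those
# written by the NTDS service under HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Parameters.
function Get-NtdsFileReport {
    $params = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
    $dbFile = $params.'DSA Database file'        # full path to ntds.dit
    $logDir = $params.'Database log files path'  # folder holding edb.chk, edb*.log, reserved logs

    # The database file may live in a different folder from the logs, so collect both.
    $files = @(Get-Item -Path $dbFile) + @(Get-ChildItem -Path $logDir -File)

    foreach ($f in ($files | Sort-Object FullName -Unique)) {
        # Classify by name using the roles from the notes. Newer Windows versions
        # name the reserved logs edbres00001.jrs / edbres00002.jrs instead of res1/res2.log.
        $role = switch -Wildcard ($f.Name) {
            'ntds.dit'  { 'Database' }
            'edb.chk'   { 'Checkpoint' }
            'edb*.log'  { 'Transaction log' }
            'res*.log'  { 'Reserved log' }
            'edbres*.jrs' { 'Reserved log' }
            default     { 'Other' }
        }
        [pscustomobject]@{
            Name   = $f.Name
            Role   = $role
            SizeMB = [math]::Round($f.Length / 1MB, 2)
            Path   = $f.FullName
        }
    }
}

Get-NtdsFileReport | Format-Table -AutoSize
```

Recording this report on a schedule gives a baseline for the database size and location, so an unexpected growth of ntds.dit, a log folder that has moved, or a file appearing in the NTDS folder that is not one of the roles above stands out in review.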
